Midterm review for CIS 263 (ethical hacking and countermeasures)
Which of the following best describes a lock shim?
A thin, stiff piece of metal. A lock shim is a tool that is, basically, a thin, stiff piece of metal that can be inserted into the latch of a padlock.
The following formula defines which method of dealing with risk? Cost of Risk > Damage = Risk _________
Acceptance Risk acceptance occurs when the organization determines that the cost and effort to mitigate a risk outweighs the risk's potential damage, so they simply accept the risk.
You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?
Black box In a black box test, the ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores insider threats.
You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future?
How to prevent piggybacking and tailgating. Piggybacking implies that the person who has opened the door with their credentials knows that others are following them in through the secure door
During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do?
Ignore the records and move on During a penetration test, the ethical hacker will run across or gain access to highly sensitive data. This could include clients' financial information, customer data, passwords, and more. In this situation, the hacker is expected to keep this information confidential and not view any more than is necessary for reporting purposes.
In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses?
Vulnerability assessment A vulnerability assessment refers to identifying weaknesses in an organization infrastructure, including its operating system, web applications, and web server.
Jaxon, a pentester, is discovering vulnerabilities and design flaws on the Internet that will open an operating system and applications to attack or misuse. Which of the following tasks is he accomplishing?
Vulnerability research Vulnerability research is the process of discovering vulnerabilities and design flaws that will open an operating system and its applications to attack or misuse. Time is on the attacker's side. It is crucial for an ethical hacker to put in the effort and time to research an organization from the outside in and to scan and gather information at every level.
A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used?
Wardialing Wardialing uses a modem. The scan dials a large block of phone numbers and attempts to locate other systems connected to a modem. If the scan gets a response, it accepts the connection. Modems are still often used for fax machines, multi-purpose copiers, and as a backup for high-speed internet.
John, a security specialist, conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated?
an internet policy An internet information sharing policy would require a review of company websites to see what type of information is being shared about sensitive information.
The Simple Network Management Protocol (SNMP) is used to manage devices such as routers, hubs, and switches. SNMP works with an SNMP agent and an SNMP management station in which layer of the OSI model?
application layer The Application Layer (Layer 7) supports application and end-user processes. Examples include NFS, SNMP, Telnet, HTTP, and FTP.
Scany is a scanner application for iOS devices. It scans networks, websites, and ports to find open network devices. It can obtain domain and network names. It also includes basic networking utilities such as ping, traceroute, and whois.
colasoft Colasoft is a packet crafting software program that can be used to modify flags and adjust other packet content.
You want a list of all open UDP and TCP ports on your computer. You also want to know which process opened the port, which user created the process, and what time is was created. Which of the following scanning tools should you use?
currports Currports lists all open UDP and TCP ports on your computer. It also provides information about which process opened the port, which user created the process, and what time it was created.
Which of the following enumeration tools provides information about users on a Linux machine?
finger Using the finger command on Linux machines provides information about a user. When executed, it returns information such as the user's home directory, login time, idle times, office location, and the last time they received or read mail.
Randy is an ethical hacker student. He has learned how nmap flag manipulation can help find open ports. Although the name of the operating system did not jump right out at him, he might be able to figure it out by reviewing packet information. In a packet, Randy can see a TTL of 255 and a window size of 4128. What type of scanning process is Randy using?
fingerprinting You may be able to figure out which operating system a target is running by reviewing packet information. Fingerprinting relies on small differences in packets created by various operating systems. Differences can be noticed by examining the TTL values, TCP window size, DHCP requests, ICMP requests, HTTP packets, and open port patterns.
A hacker finds a target machine but wants to avoid getting caught, so the hacker finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction. Which of the following port scans is being used?
idle scan With an idle scan, the hacker finds a target machine but wants to avoid getting caught, so he finds another system to take the blame. This system is frequently called a zombie machine because it's disposable and creates a good distraction for the hacker. The scan directs all requests through the zombie machine. If that zombie machine is flagged, the hacker simply creates another zombie machine and continues with his work.
Which of the following assessment types relies on each step to determine the next step, and then only tests relevant areas of concern?
inference-based In an inference-based approach, you test and discover information as you go and then adjust your scan according to the information you acquire based on your discoveries.
An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: Inspecting physical security Checking open ports on network devices and router configurations Scanning for Trojans, spyware, viruses, and malware Evaluating remote management processes Determining flaws and patches on the internal network systems, devices, and servers Which of the following assessment tests is being performed?
internal assessment An internal assessment is an evaluation of a network that is created by testing and analyzing processes and systems inside the network. This assessment may include: Inspecting physical security Checking open ports on network devices and router configurations Scanning for Trojans, spyware, viruses, and malware Evaluating remote management processes Determining flaws and patches on the internal network systems, devices, and servers
Shawn, a malicious insider, has obtained physical access to his manager's computer and wants to listen for incoming connections. He has discovered the computer's IP address, 192.168.34.91, and he has downloaded netcat. Which of the following netcat commands would he enter on the two computers?
nc -l -p 2222 (manager's computer) and nc -nv 192.168.34.91 2222 (Shawn's machine) On the manager's computer, Shawn would enter nc -l -p 2222 (the -l switch listens for an incoming connection, and the -p switch tells netcat to use specific source port). On Shawn's computer, he would enter nc -nv 192.168.34.91 2222 (the -n switch tells netcat not to use DNS lookups, and the -v switch uses verbose output). The -s switch tells netcat to use the source IP address.
Which of the following is an online tool that is used to obtain server and web server information?
netcraft Netcraft is an online tool that is used to obtain server and web server information.
On your network, you have a Windows 10 system with the IP address 10.10.10.195. You have installed XAMPP along with some web pages, php, and forms. You want to put it on the public-facing internet, but you are not sure if it has any vulnerabilities. On your Kali Linux system, you have downloaded the nmap-vulners script from GitHub. Which of the following is the correct nmap command to run?
nmap --script nmap-vulners -sV 10.10.10.195 The command you will enter is nmap --script nmap-vulners -sV 10.10.10.195. The --script switch performs a script scan using the comma-separated list of filenames, script categories, and directories. The -sC switch performs a script scan using the default set of scripts.
Nmap can be used for banner grabbing. Nmap connects to an open TCP port and returns anything sent in a five-second period. Which of the following is the proper nmap command?
nmap -sV --script=banner ip_address Nmap attempts to determine the version of the service running on a port using nmap -sV -script=banner ip_address. When a packet is sent with no flags set and the port is open, there will be no response. You can check this lack of response with; nmap -sN ip_address. An Xmas tree scan gets its name because all of the flags are turned on, and the packet is lit up like a Christmas tree. To do an Xmas tree scan, use nmap -sX -v ip_address. -sT executes a TCP connect port scan (default without root privilege).
Which of the following assessment types can monitor and alert on attacks but cannot stop them?
passive Passive assessment uses sniffer traces from a remote system to determine a remote host's operating system and/or a network's current users. Wireshark is a common tool for this information gathering. It establishes the information retrieved from the sniffer traces obtained from the packets.
First, you must locate the live nodes in the network. Second, you must itemize each open port and service in the network. Finally, you test each open port for known vulnerabilities. These are the three basic steps in which of the following types of testing?
penetration As you conduct vulnerability scanning, it's important to understand that there are three basic steps in penetration testing. First, you must locate the live nodes in the network. Second, you must itemize each open port and service in the network. Finally, you test each open port for known vulnerabilities.
Which of the following scans is used to actively engage a target in an attempt to gather information about it?
port scan A port scan is the process of sending carefully crafted messages or packets to a target computer with the intent of learning more about it using a tool such as nmap.
Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down an organization's systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working in?
risk assessment Risk assessment is the phase of evaluating the found vulnerabilities for threat level. You will need to create reports that clearly identify the problem areas to present to management. Then produce a plan of action to control the weaknesses, protect the information, and harden the systems.
You are using an iOS device. You want to scan networks, websites, and ports to find open network devices. Which of the following network mapping tools should you use?
scany Scany is a scanner application for iOS devices. It scans networks, websites, and ports to find open network devices. It can obtain domain and network names. It also includes basic networking utilities such as ping, traceroute, and whois.
Which of the following solutions creates the risk that a hacker might gain access to the system?
service-based A service-based solution is when a professional like yourself is hired to provide a solution. This would involve the vulnerability management life cycle. You would conduct the testing and solutions from outside the network. The risk of this approach is that, because it is from the outside, there is some potential for a hacker to gain access to the system.
Which of the following phases of the vulnerability management lifecycle implements patches, hardening, and correction of weaknesses?
the remediation phase The remediation phase is for implementing the needed patching, hardening, and correction of weaknesses.
What type of scan is used to find system weaknesses such as open ports, access points, and other potential threats?
vulnerability scan A vulnerability scan is used to find system weaknesses such as open ports, access points, and other potential threats. This type of scan is commonly done as a proactive measure, with the goal of catching problems internally before an attacker is able to locate those same vulnerabilities and act on them.
Which of the following is a consideration when scheduling a penetration test?
who is aware of the test? The rules of engagement must specify who is aware of the penetration test and its time frame. The less people who know, the more realistic the test will be.
Jorge, a hacker, has gained access to a Linux system. He has located the usernames and IDs. He wants the hashed passwords for the users that he found. Which file should he look in?
/etc/shadow The hashed passwords are stored in the /etc/shadow file.
Which of the following ports are used by null sessions on your network?
139 and 445 A Null Session attack uses the Windows net command to map a connection using a blank username and password. These connections would take place over port 139 (NetBIOS sessions services) or 445 (runs SMB over TCP/IP without NetBIOS).
The master service agreement is a contract where parties agree to the terms that will govern future actions. This makes future services and contracts much easier to handle and define.
A common legal contract outlining confidential material that will be shared during the assessment. A non-disclosure agreement (NDA) is a common legal contract that outlines confidential material or information that will be shared during the assessment and what restrictions are placed on it. This contract basically states that anything the tester finds cannot be shared except with the people specified in the document.
Which of the following best describes a master service agreement?
A contract where parties agree to the terms that will govern future actions. The master service agreement is a contract where parties agree to the terms that will govern future actions. This makes future services and contracts much easier to handle and define.
Closed-circuit television can be used as both a preventative tool (to monitor live events) or as an investigative tool (to record events for later playback). Which camera is more vandal-resistant than other cameras?
A dome camera A dome camera, which is a camera protected with a plastic or glass dome, is more vandal-resistant than other cameras.
There are two non-government sites that provide lists of valuable information for ethical hackers. Which of the following best describes the Full Disclosure site?
A mailing list that often shows the newest vulnerabilities before other sources. Full Disclosure is a mailing list from Nmap. This mailing list often shows the newest vulnerabilities before other sources.
Which of the following best describes active scanning?
A scanner transmits to a network node to determine exposed ports and can also independently repair security flaws. An active scanner transmits to the nodes within a network to determine exposed ports and can also independently repair security flaws.
Karen received a report of all the mobile devices on the network. This report showed the total risk score, summary of revealed vulnerabilities, and remediation suggestions. Which of the following types of software generated this report?
A vulnerability scanner A vulnerability scanner detects and classifies system weaknesses in computers, networks, and communications equipment, as well as predicts the effectiveness of countermeasures.
The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?
APT An APT (advanced persistent threat) is a stealthy attack that gains access to a network or computer system and remains hidden for an extended period of time.
This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment. Which of the following types of vulnerability research is being done?
Application flaws Flaws, while validating and authorizing the user, present the greatest threat to security in transactional applications. This type of assessment evaluates deployment and communication between the server and client. It is imperative to develop tight security through user authorization and validation. Open-source and commercial tools are both recommended for this assessment.
Information transmitted by the remote host can be captured to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system?
Banner grabbing Banner grabbing is a technique hackers use to obtain information about the services running on a target system. Capturing information transmitted by the remote host includes the application type, application version, and even operating system type and version.
Which of the following are the three metrics used to determine a CVSS score?
Base, temporal, and environmental The base metric denotes a vulnerability's unique characteristics. The temporal metric denotes the changeable attributes of a vulnerability. The environmental metric denotes vulnerabilities that are present only in certain environments or implementations.
Which enumeration process tries different combinations of usernames and passwords until it finds something that works?
Brute force Brute force attacks are usually automated. A program tries different combinations of usernames and passwords until it finds something that works.
Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers?
CAPEC CAPEC is a dictionary of known patterns of cyberattack used by hackers. Its website is capec.mitre.org. You can search this list by mechanisms of attack or domains of attack, as well as by key terms and CAPEC ID numbers. This resource is valuable because you can browse through it to see common attacks used by hackers, and you can search for specific patterns of attack.
The list of cybersecurity resources below are provided by which of the following government sites? Information exchange Training and exercises Risk and vulnerability assessments Data synthesis and analysis Operational planning and coordination Watch operations Incident response and recovery
CISA Cybersecurity and Infrastructure Security Agency (CISA) is a large government-sponsored organization that provides many resources for cyber security. This government site provides: Information exchange Training and exercises Risk and vulnerability assessments Data synthesis and analysis Operational planning and coordination Watch operations Incident response and recovery
As an ethical hacker, you are looking for a way to organize and prioritize vulnerabilities that were discovered in your work. Which of the following scoring systems could you use?
CVSS The Common Vulnerability Scoring System (CVSS) is a free and open industry standard for assessing the severity of computer system security vulnerabilities.
This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described?
CWE CWE is a community-developed list of common software security weaknesses. This creates a reference for identification, mitigation, and prevention of vulnerabilities. This list provides a standardization for evaluating assessment tools. This site combines the diverse ideas and perspectives from professionals, academics, and government sources to create a unified standard on cybersecurity.
The results section of an assessment report contains four sub-topics. Which of the following sub-sections contains the origin of the scan?
Classification Classification contains the origin of the scan.
Which type of penetration test is required to ensure an organization is following federal laws and regulations?
Compliance-based Compliance-based penetration tests are required to ensure an organization follows federal laws and regulations.
You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do?
Define the effectiveness of the current security policies and procedures. During the create a baseline phase, you start by defining the effectiveness of the current security policies and procedures. Establish the risks with how the security procedures are enforced and what may be overlooked. Try to see what the organization looks like from an outsider's perspective, as well as from an insider's point of view. No organization is immune to security gaps. Set goals with management with start dates and end dates. Determine which systems to begin with, set up testing standards, get approval in writing, and keep management informed as you go.
Which of the following best describes what FISMA does?
Defines how federal government data, operations, and assets are handled. The Federal Information Security Management Act (FISMA) was signed into law in 2002 and defines how federal government data, operations, and assets are handled.
In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services?
Enumeration Enumeration is the method of gathering information from a system to learn more about its configurations, software, and services.
Which of the following best describes a goal-based penetration test?
Focuses on the end results. The hacker determines the methods. A goal-based penetration test focuses on end results. The goals are specific, but the methods for reaching them are determined by the hacker himself.
Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?
HIPAA The Health Insurance Portability and Accountability Act (HIPPA) was created as health records and data started being stored electronically. Its goal is to create a set of standards that would ensure this information is kept safe and is only shared with the patient and medical professionals that need it.
It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you must perform. Which of the following should you help them to understand?
Hackers have time on their side, and there will always be new threats to security. It may be tempting for an organization to feel secure after going through the process of penetration testing and the corrections and hardening that you have performed, but it's important for you to help them understand that hackers have time on their side, and there will always be ongoing and new threats to security. Therefore, it is critical that the organization have monitoring tools in place and have regularly scheduled vulnerability maintenance testing.
Which of the following best describes the scan with ACK evasion method?
Helps determine whether the firewall is stateful or stateless and whether or not the ports are open. The Scan with ACK method helps you determine whether the firewall is stateful or stateless and whether or not the ports are open. In an ACK scan, the ACK flag is set. If a port is unfiltered, both open and closed ports return an RST packet. If the port is filtered, it returns either an error message or no response at all.
Which of the following assessment types focus on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators?
Host-based assessment A host-based assessment focuses on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators. Host-based assessment can also test the vulnerability of databases, firewalls, files, and web servers, and flag configuration errors.
Which of the following is the most basic way to counteract SMTP exploitations?
Ignore messages to unknown recipients instead of sending back error messages. The most basic way to counteract SMTP exploitation is to simply ignore messages to unknown recipients instead of sending back error messages.
During a penetration test, Mitch discovers child pornography on a client's computer. Which of the following actions should he take?
Immediately stop the test and report the finding to the authorities. If, during the scope of the penetration test, the hacker discovers evidence of illegal activity, they are legally obligated to report the evidence to the appropriate authorities.
Which of the following is a benefit of using a proxy when you find that your scanning attempts are being blocked?
It filters incoming and outgoing traffic, provides you with anonymity, and shields you from detection. A proxy serves as a less vulnerable access point to a network. Typically, proxies are placed in networks to keep external users from accessing the internal network. Proxies filter incoming and outgoing traffic, provide hackers with anonymity, and shield them from detection.
Which of the following best describes Qualys Vulnerability Management assessment tool?
It is a cloud-based service that keeps all your data in a private virtual database. Qualys Vulnerability Management is a cloud-based service that keeps all your data in a virtual private database. Qualys is easy to use and is capable of scanning large enterprises. Data is always encrypted during transit and at rest, so even though it is cloud-based, your data is secure. Only their scanners reside in your network.
After the enumeration stage, you are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked?
LDAP Hardening against LDAP enumeration can be tricky. Although blocking LDAP port 389 is an option, you can't always block ports, or you'll risk impacting your network. Blocking LDAP ports could prevent your clients from querying necessary services. The best way to secure LDAP is to review and implement the security settings and services available with your server software.
Which of the following is considered a mission-critical application?
Medical database Some applications are considered mission-critical and need to be off-limits to avoid any down time. This can include financial processing, medical databases, or other sensitive applications. None of the other application types would be considered mission-critical.
Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question?
NVD NVD, or the National Vulnerability Database, was originally created in 2000. You can find it at nvd.nist.gov. The NVD list includes more specific information for each entry than the CVE list, such as fix information, severity scores, and impact ratings. It is searchable by product name or version number, vendor, operating system, impact, severity, and related exploit range.
Clive, a penetration tester, is scanning for vulnerabilities on the network, specifically outdated versions of Apple iOS. Which of the following tools should he use?
Nessus Nessus offers scanning on mobile devices and will let you know which devices are unauthorized or non-compliant. It also identifies outdated versions of Apple iOS and highlights devices that have not connected for a period of time.
A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?
Network scan A network scan is designed to locate all the live hosts on a network. This type of scan will identify the systems that may be attacked later or those that may be scanned a little more closely.
Which of the following would be the best open-source tool to use if you are looking for a web server scanner?
Nikto Nikto is a web server scanner. It tests for outdated versions of more than 1,250 servers, scans for more than 6,000 files and programs that can be exploited, and checks for version-specific problems on more than 270 servers. It is important to note that this tool creates a large footprint by leaving a high volume of entries in the web server's log files.
Joe wants to use a stealthy Linux tool that analyzes network traffic and returns information about operating systems. Which of the following banner grabbing tools is he most likely to use?
P0F P0f is a Linux tool that analyzes network traffic and returns information on operating systems. Because it passively views traffic, it is a stealthy method for gathering information.
Which of the following flags is used by a TCP scan to direct the sending system to send buffered data?
PSH A TCP scan uses the PSH flag to direct the sending system to send buffered data
During a penetration test, Dylan is caught testing the physical security. Which document should Dylan have on his person to avoid being arrested?
Permission to test
Which of the following best describes the verification phase of the vulnerability management life cycle?
Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective. The verification phase helps the security analyst to verify whether all the previous phases are effectively employed or not. So, in this phase, you retest the systems for verification. Even though you may be certain that you have corrected vulnerability issues and are confident in your work, you want to prove your work to management and have verifiable evidence to show that your patching and hardening implementations have been effective. You increase the value of your services when you can show the validity of your work.
Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed?
RST An Xmas tree scan gets its name because all of the flags are turned on, and the packet is lit up like a Christmas tree. The recipient has no idea what to do with this packet, so either the packet is ignored or dropped. If you get an RST flag, you know the port is closed. If you don't get a response, the port may be open.
Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks?
SNscan SNscan is a utility that is used to detect SNMP devices that are vulnerable to attacks.
Hugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used?
SPLIT DNS DNS splitting, splitting the DNS into internal and external groups, provides an added layer of security
TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Which packet does Computer 2 send back?
SYN/ACk TCP is a connection-oriented protocol that uses a three-way handshake to establish a connection to a system port. Computer 1 sends a SYN packet to Computer 2. Computer 2 receives the packet and sends a SYN/ACK packet to Computer 1. Computer 1 receives the SYN/ACK packet and replies back with an ACK packet, and the connection is complete.
Which of the following includes a list of resolved vulnerabilities?
Security vulnerability summary A security vulnerability summary includes a list of resolved vulnerabilities and also covers every device or server that was scanned. It gives you information about current security flaws and vulnerabilities, including severity level, and lists resolved vulnerabilities.
You are looking for a vulnerability assessment tool that detects vulnerabilities in mobile devices and gives you a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions. Which of the following vulnerability assessment tools should you use?
SecurityMetrics Mobile SecurityMetrics Mobile detects vulnerabilities in mobile devices. It can help you protect customers' data and avoid unwanted app privileges, mobile malware, device theft, connectivity issues, threats to device storage, and unauthorized account access. You can expect a report containing a total risk score, a summary of revealed vulnerabilities, and remediation suggestions.
The Guest account is a user account for people who do not have individual accounts. The SID ends with -501.
TCP 53 Port 53 is used for DNS zone transfers.
LDAP is an internet protocol for accessing distributed directory services. If this port is open, it indicates that Active Directory or Exchange may be in use. What port does LDAP use?
TCP/UDP 389 TCP/UDP port 389 is used by the Lightweight Directory Access Protocol (LDAP.)
Typically, you think of the username as being the unique identifier behind the scenes, but Windows actually relies on the security identifier (SID). Unlike the username, a SID cannot be used again. When viewing data in the Windows Security Account Manager (SAM), you have located an account ending in -501. Which of the following account types did you find?
The built-in guest The Guest account is a user account for people who do not have individual accounts. The SID ends with -501.
Which of the following best describes telnet?
The tool of choice for banner grabbing that operates on port 23. Telnet is a tool that can be used for banner grabbing. It operates on port 23. If you type telnet ip_address, you'll send TCP packets to the destination port 23. However, by tacking a port number onto the end of the same command, you can check for other openings. If the port is open, you'll receive a banner response. These banners can include some interesting information about the target system, such as software type, software version, services, patches, and the last modification date.
Which of the following is a limitation of relying on regulations?
They rely heavily on password policies One of the drawbacks to many federal regulations is that they rely heavily on password policies, which are often outdated.
Which statement best describes a suicide hacker?
This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.
Diana, a penetration tester, executed the following command. Which answer describes what you learn from the information displayed?
This is a DNS zone transfer.. A DNS zone transfer is a mechanism available for administrators to replicate DNS databases across a set of DNS servers. Organizations should take measures not to allow zone transfers to just anyone.
A hacker has managed to gain access to the /etc/passwd file on a Linux host. What can the hacker obtain from this file?
Usernames, but no passwords The /etc/passwd file on a Linux host contains the following: The username and user ID used to identify each user. Passwords that are encrypted and saved on the computer or on the network. Group identification numbers (GIDs).
Which of the following best describes IPsec enumeration?
Uses ESP, AH, and IKE to secure communication between VPN endpoints. IPsec uses ESP (Encapsulation Security Payload), AH (Authentication Header), and IKE (Internet Key Exchange) to secure communication between virtual private network endpoints. Using enumeration tools, attackers can pull sensitive information such as the encryption and hashing algorithm, authentication type, and key distribution algorithm.
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?
Mantraps You could implement mantraps at each entrance to the facility to mitigate piggybacking. A mantrap is a specialized entrance with two doors that creates a security buffer zone between two areas. Once a person enters into the space between the doors, both doors are locked. To enter the facility, authentication must be provided. If authentication is not provided, the intruder is kept in the mantrap until authorities arrive.
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?
shoulder surfing Shoulder surfing involves looking over someone's shoulder while they work on a computer to see usernames, passwords, or account numbers.
Which of the following best describes a supply chain?
A company provides materials to another company to manufacture a product A supply chain is set up when materials from one company are needed from another to manufacture a product.
Which of the following best describes a script kiddie?
A hacker who uses scripts written by much more talented individuals.
Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to?
A lawyer should be consulted on which laws to adhere to and both parties agree. The laws that govern computer usage and hacking can vary from state to state. When this occurs, the penetration tester and the organization need to agree on which set of laws they will adhere to. Whenever there are any questions or concerns regarding laws and regulations, a lawyer should be consulted.
Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather?
A member of the purple team The purple team is a mix of red and blue team members. They basically act as a pipeline between the two teams and can work on either side.
Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials?
A printed materials policy A printed material information sharing policy would limit the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials.
Section 1029 refers to fraud and related activity involving access devices. An access device is defined as any application or hardware that is created specifically to generate any type of access credentials.
An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software. The Wassenaar Arrangement on Export Controls for Conventional Arms and Dual-Use Goods and Technologies is an agreement between 41 countries that generally hold similar views on human rights. The arrangement encourages the participating countries to hold similar export controls on weapons, including banning some and requiring licensing for others. This also includes intrusion software.
Which of the following is the difference between an ethical hacker and a criminal hacker?
An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission. The difference between an ethical hacker and a criminal hacker is that an ethical hacker always obtains permission to hack a system.
During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using?
Avoidance When you identify a risk you can avoid, you should avoid it. This action is called risk avoidance.
Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action?
BYOD policy The BYOD policy must define the level of access employees have to company hardware and data and state clearly what happens on termination of employment. Usually, when an employee leaves the company, the device can be remotely wiped, and the employee needs to understand that they are giving the organization rights and access to do this.
ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work?
Company culture During the premerger, areas such as physical security, data security, company culture, and network systems need to be tested. A penetration test during this phase can help identify shortcomings and large differences that if left unattended could lead to disastrous results after the merger or acquisition.
Joe, a bookkeeper, works in a cubicle environment and is often called away from his desk. Joe doesn't want to sign out of his computer each time he leaves. Which of the following is the best solutions for securing Joe's workstation?
Configure the screen saver to require a password. The best solution is to configure the screen saver or screen lock to be applied after a short period of nonuse and to require a password to return to the desktop.
A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees?
Contact names, phone numbers, email addresses, fax numbers, and addresses During the reconnaissance phase, you gather information about a company. For employee information, the penetration tester collects contact names, phone numbers, email addresses, fax numbers, and addresses for any individuals associated with the target company.
Whenever a penetration tester is unsure of how to proceed with a situation, a lawyer should be contacted to make sure no laws are broken.
Corporate policies Corporate policies are the rules and regulations that are defined and put in place by an organization. As part of the risk assessment and penetration test, these policies should be reviewed and tested.
Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work?
DMCA The Digital Millennium Copyright Act (DMCA) was enacted in 1998 to protect copyrighted works.
Which of the following services is most targeted during the reconnaissance phase of a hacking attack?
DNS The DNS service is one of the most popular internet services targeted during the reconnaissance phase.
Jason is at home, attempting to access the website for his music store. When he goes to the website, it has a simple form asking for name, email, and phone number. This is not the music store website. Jason is sure the website has been hacked. How did the attacker accomplish this hack?
DNS cache poisoning In DNS cache poisoning, the attacker launches the attack on the chosen DNS server. Then, the attacker changes a target website's IP address to a fake website. When the user enters the target website's URL, the DNS server redirects them to the fake IP address modified by the attacker and then to a fake website controlled by the attacker.
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
Development phase The development phase involves two parts: selecting individual targets within a company and forming a relationship with those individuals.
Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media content. Xavier is using a tool that pulls information from social media postings that were made using location services. What is the name of this tool?
Echosec Echosec is a tool that can be used to pull information from social media postings that were made using location services.
Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control?
Employee and visitor safety As you implement physical security, be sure to keep the safety of employees and visitors in mind. Consider the importance of the following actions: Implement adequate lighting in parking lots and around employee entrances. Implement emergency lighting that runs on protected power and automatically switches on when the main power goes off. Implement fail-open locking systems that allow employees to exit your facility quickly in the event of an emergency. Devise escape plans that utilize the best escape routes for each area in your organization. Post these escape plans in prominent locations. Conduct emergency drills to verify that the physical safety and security measures you have implemented function correctly. You can implement physical access controls inside the facility as follows: Physical controls may include key fobs, swipe cards, or badges. Physical controls may include biometric factors such as fingerprint scanners, retinal scanners, iris scanners, voice recognition, and facial recognition. To control access to sensitive areas within the facility, require a card swipe or reader. Some systems can track personnel movement within a facility and proactively lock or unlock doors based on the access token device. An anti-passback system prevents a card holder from passing a card back to someone else. Physical controls are often implemented along with sensors and alarms to detect unauthorized access.
Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing?
External An external test focuses on any publicly facing system, such as a web server that resides in the DMZ.
United States Code Title 18, Chapter 47, Section 1029 deals with which of the following?
Fraud and related activity involving access devices. Section 1029 refers to fraud and related activity involving access devices. An access device is defined as any application or hardware that is created specifically to generate any type of access credentials.
Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?
Gray Hat A gray hat hacker falls in the middle of the white hat and black hat hackers. The gray hat may cross ethical lines, but usually has good intentions and isn't being malicious like a black hat hacker.
Which of the following best describes what SOX does?
Implements accounting and disclosure requirements that increase transparency. The Sarbanes Oxley Act (SOX) was enacted in 2002 with the goal of implementing accounting and disclosure requirements that would increase transparency in corporate governance and financial reporting and formalize a system of internal checks and balances.
Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking?
Information gathering techniques During the reconnaissance phase, you gather information by reading a company's website, getting to know their employees, or dumpster diving.
Dan wants to implement reconnaissance countermeasures to help protect his DNS service. Which of the following actions should he take?
Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups. Installing patches against known vulnerabilities and cleaning up out-of-date zones, files, users, and groups are good DNS reconnaissance countermeasures.
You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. network. Which of the following types of penetration tests is being performed?
Internal An internal test will focus on any systems that logically resides behind the firewall. These can be off-site or on-site.
Which of the following best describes a physical barrier used to deter an aggressive intruder?
Large flowerpots Just as ID badges are an easy way to identify people, bollards are an easy physical barrier to deter aggressive intruders. Bollards can be small straight concrete pillars, flat barricades, ball shaped pieces of concrete, large flowerpots, or even cement picnic tables. The idea is to prevent attackers from forcing themselves in by driving through an exterior wall or door
Social engineers are master manipulators. Which of the following are tactics they might use?
Moral obligation, ignorance, and threatening Social engineers are master manipulators. Some of the most popular tactics they use are moral obligation, innate human trust, threatening, an easy reward, and ignorance.
The U.S. Department of Commerce has an agency with the goal of protecting organizational operations, assets, and individuals from threats such as malicious cyber-attacks, natural disasters, structural failures, and human errors. Which of the following agencies was created for this purpose?
NIST To protect data from threats and attacks, the U.S. Department of Commerce created the National Institute of Standards and Technology (NIST). NIST has released a special publication referred to as the NIST SP 800-53, which details security controls and assessment procedures that companies and organizations should implement to protect the integrity of their information systems. This document's goal is to protect organizational operations, assets, and individuals from many different kinds of threats, such as malicious cyberattacks, natural disasters, structural failures, and human errors.
Whois, Nslookup, and ARIN are all examples of:
Network footprinting tools Website and email footprinting can provide details on information flow, operating systems, filenames, and network connections. Whois, nslookup, and ARIN are examples of footprinting tools.
Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize?
OWASP The Open Web Application Security Project (OWASP) describes techniques for testing the most common web application and web service security issues.
Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card?
PCI DSS The Payment Card Industry Data Security Standards (PCI DSS) defines the security standards for any organization that handles cardholder information for debit cards, credit cards, prepaid cards, and any other type of payment cards.
Which of the following is a common corporate policy that would be reviewed during a penetration test?
Password policy The password policy will usually state how many and what types of characters a password should contain. The policy will also state when the password can be changed.
Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team?
Performs offensive security tasks to test the network's security. The red team is made up of offensive security specialists that constantly work against the blue team to test the organization's security stance.
Using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share is called:
Pretexting Pretexting is using a fictitious scenario to persuade someone to perform an action or give information they aren't authorized to share.
A dome camera, which is a camera protected with a plastic or glass dome, is more vandal-resistant than other cameras.
Preventing interruptions of computer services caused by problems such as fire. Important aspects of physical security include: Restricting physical access to facilities and computer systems. Preventing interruptions of computer services caused by problems such as loss of power or fire. Preventing unauthorized disclosure of information. Disposing of sensitive material. Protecting the interior and exterior of your facility.
What are the three factors to keep in mind with physical security?
Prevention, detection, and recovery There are three factors to keep in mind with physical security: Prevention is making the location less appealing to hackers. Detection is identifying what was broken into, what is missing, and the extent of the damage. Recovery is reviewing the physical security procedures, repairing any damage, and hardening the physical security of the company against future problems.
During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do?
Reach out to an attorney for legal advice. Whenever a penetration tester is unsure of how to proceed with a situation, a lawyer should be contacted to make sure no laws are broken.
When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in?
Reconnaissance During the reconnaissance phase, you gather information about a company. In addition to technical information, you'll want to gather details about employees, vendors, business processes, and physical security.
The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies?
Reporting The only difference between the penetration testing life cycle and ethical hacking methodology is the focus on the documentation of the penetration test. A detailed report of the tests performed and everything that was discovered is important to a penetration test. Reconnaissance, gaining access, and maintaining access are all steps in both methodologies.
What does an organization do to identify areas of vulnerability within their network and security systems?
Risk Assessment The purpose of a risk assessment is to identify areas of vulnerability within the organization's network. The risk assessment should look at all areas, including high value data, network systems, web applications, online information, and physical security, including operating systems and web servers. This is done before beginning a penetration test.
Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing?
Scanning and enumeration Scanning is the second phase in the ethical hacking methodology. The hacker uses various tools to gather in-depth information about the network, computer systems, live systems, open ports, and more. Extracting information such as usernames, computer names, network resources, shares, and services is known as enumeration. Enumeration is a part of the Scanning step.
Which of the following documents details exactly what can be tested during a penetration test?
Scope of Work The scope of work is a very detailed document that defines exactly what software, and hardware, test types, and facility features are going to be included in the penetration test. This document is also referred to as the statement of work.
Which of the following is a deviation from standard operating security protocols?
Security exception A security exception is any deviation from standard operating security protocols. It should be determined if you will be put on a whitelist or blacklist for the test on any IPS, Firewall, or other network access control systems.
Which of the following policies would cover what you should do in case of a data breach?
Sensitive data handling policy The policy for handling sensitive data should detail who has access to data, how data is secured, and what to do if an unauthorized person gains access to the data.
What does the Google Search operator allinurl:keywords do?
Shows results in pages that contain all of the listed keywords. allinurl:keywords shows results in pages that contain all of the listed keywords. index of /keyword displays websites where directory browsing has been enabled. intitle:keyword shows results in pages that contain the keyword in the title. related:website displays websites similar to the one listed.
Any attack involving human interaction of some kind is referred to as:
Social Engineering Social engineering refers to any attack involving human interaction of some kind. Attackers who use social engineering try to convince a victim to perform actions or give out information they wouldn't under normal circumstances.
MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using?
Social engineering Social engineering is an attempt to get to know a company's employees or vendors. After-work social gatherings can provide important tidbits of information about an employee and about a company, especially its weaknesses.
A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?
Specific/Measurable/Attainable/Relevant/Timely SMART goals are very useful when establishing and defining the goals of a penetration test. SMART goals help create goals that are specific, measurable, attainable, relevant, and timely (or time-bound).
Julie configures two DNS servers, one internal and one external, with authoritative zones for the corpnet.xyz domain. One DNS server directs external clients to an external server. The other DNS server directs internal clients to an internal server. Which of the following DNS countermeasures is she implementing?
Split DNS A split DNS is implemented with two DNS servers configured to be authoritative for the same domain, one on the external network and one on the internal network.
Which of the following best describes social engineering?
The art of deceiving and manipulating others into doing what you want. Social engineering is the art of deceiving and manipulating others into doing what you want. Social engineering techniques can occur during in-person interactions. For example, a social engineer may dress as pest control professional to gain access to a building.
Which of the following best describes a gray box penetration test?
The ethical hacker has partial information about the target or network. In a gray box penetration test, the ethical hacker is given partial information about the target or network, such as IP configurations and email lists. This test simulates an insider threat.
After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process?
Tolerance After a risk assessment is performed and vulnerable areas identified, the organization needs to decide their tolerance level for performing a penetration test. Areas of risk that can be tolerated need to be placed in the scope of work, whereas those critical areas may need to be place out of scope, or off-limits.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?
Train the receptionist to keep her ipad in a locked drawer In this scenario, the best option to add an additional layer of security is to train the receptionist to keep her iPad in a locked drawer.
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?
Use incremental backups and store them in a locked fireproof safe. Incremental backups back up every file that's changed since the last full or incremental backup. If you can't store backups at an off-site location, you should make sure that the backups are locked up and that measures are taken to protect the backups from a disaster.
An attack that targets senior executives and high-profile victims is referred to as:
Whaling Whaling is another form of phishing that targets senior executives and high-profile victims.
Which of the following best describes the rules of engagement document?
Which of the following best describes the rules of engagement document? The rules of engagement define if the test will be a white box, gray box, or black box test. It should also explicitly state how to handle sensitive data and outline a process for communicating with the IT department about any issues that may arise during the test.
Which type of threat actor only uses skills and knowledge for defensive purposes?
White hat A white hat is a skilled hacker who uses their skills and knowledge for defensive purposes only. Many organizations and companies now employ these security analysts, who understand the hacker's mindset.
Miguel is performing a penetration test. His client needs to add Miguel's computer to the list of devices allowed to connect to the network. What type of security exception is this?
Whitelisting If a device is whitelisted, then traffic coming from it will be allowed through the IPS, Firewall, or network access control system.
Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful?
Whois Whois is a utility used to gain information about a target network. It can gather information about ownership, IP addresses, domain name, location, server type, and the date the site was created.
You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do?
You should not provide any information and forward the call to the help desk. Every employee in the company should be taught that if somebody calls them and claims to be someone who needs employee information, especially usernames and passwords, they should forward that call to the help desk.
Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do?
add the cloud host to the scope of work Since Hannah is in the planning stage, she will need to add the cloud host to the scope of work. Cloud-based systems require some extra steps before penetration testing can begin. The issue is that the systems aren't owned by the client, but by the cloud hosting provider. An organization might be required to conduct penetration tests to meet regulations. But, in this case, the cloud provider must also authorize the penetration test and will need to be involved and approve the scope of work.
Which of the following best describes an inside attacker?
an unintentional threat actor; the most common threat An insider could be a customer, a janitor, or even a security guard, but most of the time, it's an employee. Employees pose one of the biggest threats to any organization. An unintentional threat actor is the most common insider threat.
There are three factors to keep in mind with physical security: Prevention is making the location less appealing to hackers. Detection is identifying what was broken into, what is missing, and the extent of the damage. Recovery is reviewing the physical security procedures, repairing any damage, and hardening the physical security of the company against future problems.
security sequence The security sequence area of physical security should be deployed in the following sequence. If a step in the sequence fails, the next step should implement itself automatically. Deter initial access attempts. Deny direct physical access. Detect the intrusion. Delay the violator to allow for response. When designing physical security, implement a layered defense system. A layered defense system is one in which controls are implemented at each layer to ensure that defeating one level of security does not allow an attacker subsequent access.
You have a set of DVD-RW discs that were used to archive files from your latest project. You need to prevent the sensitive information on the discs from being compromised. Which of the following methods should you use to destroy the data?
shred the discs To completely prevent reading data from discs, destroy them using a DVD shredder or crushing
You are instant messaging a coworker, and you get a malicious link. Which type of social engineering attack is this?
spim Spim is a malicious link sent to the target over instant messaging.
The process of analyzing an organization's security and determining its security holes is known as:
threat modeling Threat modeling is the process of analyzing an organization's security and determining its security holes. Once a threat model is put together, the organization can begin securing its systems and data.
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?
Ethical hacking: is an all-encompassing term that includes all hacking methods, so penetration testing is a part of ethical hacking.
Which of the following elements is generally considered the weakest link in an organization's security?
Human It is commonly accepted that the weakest link in any security model is the human element. If included in the scope of work, social engineering techniques can be used to test the people in an organization
Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task?
change order When a change to the scope of work is requested, a change order should be filled out and agreed on. Once this is done, the additional tasks can be completed.
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
elicitation Elicitation is a technique that aims to extract information from a target without arousing suspicion. Some of the elicitation tactics are giving compliments, delivering misinformation, feigning ignorance, and being a good listener.
Which of the following is the third step in the ethical hacking methodology?
gain access Gaining access is the third phase in the ethical hacking methodology. In this phase, the hacker uses all the information gathered through reconnaissance and scanning and then exploits vulnerabilities to gain access.
What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information?
maltego Maltego is an open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information.
On her way to work, Angela accidentally left her backpack with a company laptop at the coffee shop. What type of threat has she caused the company?
man-made threat Human threats can be outsiders or insiders, so it can be tricky to safeguard against them all. Man-made threats include: Theft Vandalism Destruction
You are in the reconnaissance phase at the XYZ company. You want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. Which nmap command would you use?
nmap -sS xyzcompany.com -sS TCP SYN port scan (default) scans the 1,000 most common ports. -sV attempts to determine the version of the service running on port. -sT TCP connects a port scan (default without root privilege). -sA executes a TCP ACK port scan.
You have found the IP address of a host to be 172.125.68.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep?
nmap -sn 172.125.68. 1-255 The nmap -sn command is used to disable port scanning. The command nmap -sn 172.125.8. 1-225 will scan a range of ip addresses without listing the ports. The nmap -sS command is used for a TCP SYN port scan (default). The nmap -sU command is used for UDP port scans. The nmap -sM command is used for TCP Maimon port scans.
Which type of attack involves changing the boot order on a PC so that the hacker can gain access to the computer by bypassing the install operating system?
physical attack Physical security is the protection of corporate assets including property, facilities, equipment, and personnel from damage, theft, or harm. Physical attacks include items such as cold boot attacks, badge cloning, and BIOS access attacks.
A client asking for small deviations from the scope of work is called:
scope creep In project management, one of the most dangerous things to look out for is scope creep. This is when the client begins asking for small deviations from the scope of work. This can cause the project to go off track and increase the time and resources needed to complete it.
Which document explains the details of an objective-based test?
scope of work The scope of work is a very detailed document that defines exactly what is going to be included in a penetration test. This document is also referred to as the statement of work.
